Written evidence submitted by Socitm|
Socitm is the association for Information and Communications
Technology (ICT) and related professionals in the United Kingdom
public and third sectors, and suppliers to these sectors. It offers
networking and peer support, professional development, and access
to research and consultancy on a wide range of policy and technology
issues to its over 1,500 members.
Socitm works with the Local Government Group (Local
Government Association and Local Government Improvement &
Development) and the Local e-Government Standards Body (LeGSB)
in areas such as data quality, interoperability standards, transparency
and open data; with Central Government, including Cabinet Office,
HM Treasury, the Department of Communities and Local Government,
the Department of Work and Pensions, Centre for the Protection
of National Infrastructure and CESG(National
technical authority for advice and services to protect Government
voice and data networks); and with other professional
associations and groups, such as the Chartered Institute of Public
Finance and Accountancy. The Local Chief Information Officer (CIO)
Council is made up of Socitm members and supplies representatives
to the CIO and Chief Technology Officer (CTO) Councils. Socitm
also has strong links to its partner associations in Europe and
around the world, and is a signatory to the recent Citadel
that identifies a number of barriers to effective use of IT at
the local level throughout Europe.
At the request of the Government CIO, the Local CIO
Council has commissioned Socitm to produce a local public services
ICT strategy; this work is in progress.
policy is poorly co-ordinated and governed across government.
public services' input into technology policy co-ordination is
often too little, too late.
strategy, architecture and commissioning is the optimum way to
consolidate co-ordination and implementation of information and
technology policy and to achieve or even exceed the order of savings
required over the next four years.
realisation and capture of savings are weak and need to be improved
by using rigorous business change methods.
lessons have not been learnt and applied.
programmes continue to be largely technology-led, rather than
to be driven by public service outcomes.
is a key starting point for establishing how well IT services
needs to be an intrinsic part of public services design and delivery.
web-enabled, secure delivery of IT should be key features of future
development needs to focus on strategic business change, strategic
commissioning and information governance.
of the Government IT Professional Skills Framework needs to be
practices are inefficient and exclude SMEs and disruptive technology
needs to maintain control over strategy, policy, standards and
Sector Network, shared services and cloud provisioning should
become key features of public services IT infrastructure.
needs to be proportionate to the risks facing local public services.
1. How well is technology policy co-ordinated
1.1 Technology policy is poorly co-ordinated
across Government and is often formed without considering the
views of all relevant stakeholders.
1.2 The CIO Council and the CTO Council have
brought a degree of co-ordination, but there is still a recurring
theme of local government being ignored until late in the technology
application cycle and, typically, not until it reaches implementation.
This is despite the fact that around 60% of Government interactions
with citizens occur at the local level. It is often left to organisations
such as Socitm and the LG Group to lobby central government on
behalf of local public services. Additionally, much of the work
done by various CIO and CTO council working groups has not been
completed or published.
1.3 At the local level, technology and information
assurance are better coordinated now through the work of the Local
CIO Council (facilitated by Socitm) and the Local Government Delivery
Council. The sums of money needed to support local government
input into wider public sector co-ordination would not be significant
but, with the exception of the Local e-Government Programme (2000-05),
provision for local public services engagement in co-ordination
of technology policy and implementation is absent.
2. How effective are its governance arrangements?
2.1 Governance of IT is not co-ordinated, leading
to fragmented procurement, duplicated and incompatible systems
and extra cost. The former Central Computer and Telecommunications
Agency was able to take an overarching view in the same way as
CESG (part of GCHQ) does now for information assurance.
2.2 Socitm believes that "pan-local/pan-public-sector"
governance of strategy, architecture and commissioning is the
best way to consolidate co-ordination and implementation of information
and technology policy. This would address architectures and arrangements
for commissioning services, via a multi-sourced approach, based
on the pan-local need. The result would be less need for IT delivery
within local public service organisations. This approach, which
would need to include central government departments delivering
locally, has the potential to deliver radical reform and to achieve,
or even exceed, the order of savings required over the next four
years, both in IT provisioning and in the local public services
that IT enables.
2.3 Information governance is a particularly
complex area and this is not helped by each department, government
agency and local authority having its own view on what information
governance is and how it should be implemented. A central body
determining and enforcing standards and funding central, common
strategic and policy work, especially around network, identity
and authentication systems, would save significant sums of money,
cut waste and facilitate a buy once, use many approach.
2.4 Although the private sector has a role to
play, much money is wasted, because government does not have the
in-house expertise to develop and maintain systems and capabilities.
The majority of this work is outsourced, which means the knowledge
is grown externally to the public sector community. Whilst the
private sector may profit from this, it is not always to the mutual
benefit of both sectors.
2.5 Governance of benefits realisation and capture
of savings from IT-enabled business change projects is weak. For
this reason, Birmingham City Council developed the CHAMPS2 (www.champs2.org)
business change methodology, which is now being adopted successfully
by a growing number of public service organisations worldwide
to ensure rigorous realisation of benefits and savings.
3. Have past lessons from NAO and OGC reviews
about unsuccessful IT programmes been learnt and applied?
3.1 The number of failures, both past and present,
suggests that lessons have not been learnt and applied. The National
Health Programme for IT, the UK eGovernment Interoperability Framework
and the Code of Connection are all examples of projects which
have been driven by technology, rather than by public service
3.2 Office of Government Commerce (OGC) work
focuses on central government, so apart from PRINCE, MSP and other
methodologies, their work is of limited value for the wider public
3.3 The OGC Gateway process is effective, but
it is often misunderstood and not followed. Failure of large,
high profile projects is often due to a lack of effective business
change management (and underlying portfolio and programme management).
4. How well is IT used in the design, delivery
and improvement of public services?
4.1 Answering this question will become increasingly
difficult because of the abolition of the Audit Commission. In
order for local authorities, public bodies or central government
departments to establish how well they are performing in a particular
area, there must be a baseline against which to perform a comparison.
Socitm's Benchmarking Service offers a robust baseline of information
on IT services in local public services.
4.2 Public services are often designed and may
even be implemented before IT is retrospectively fitted to the
service, instead of IT being intrinsic in service design. Exceptions
include online payment of parking fines, implementation of Oyster
Cards by Transport for London and online management of student
finance. The gains to be made from digital delivery are well known
(eg from Socitm's own Channel Value Benchmarking research), but
implementation is slow and sporadic. This makes it all the more
important that IT is involved from the early stages of public
service design, delivery and improvement.
4.3 Cybersecurity is becoming increasingly important
as we move towards shared, multi-agency services, involving citizen
interaction over the Internet.
5. What role should IT play in a "post-bureaucratic
5.1 The focus of most of the questions in this
consultation is technology. However, this only makes sense in
the context of the purpose technology serves, which is to process
data and to produce information to enable desired public service
outcomes. Consequently, effective management and use of government
data and information will be a prerequisite for successful use
of IT in a "post-bureaucratic age".
5.2 We need to shift from the traditional, silo-based
IT approach, towards the development of agile, web enabled and
secure service delivery, utilising the Internet, and involving
the citizen, businesses and the voluntary sector, whilst ensuring
that the quality of the data and its security is maintained.
6. What skills does Government have and what
are those it must develop in order to acquire IT capability?
6.1 The role of IT is changing. Required skills
are moving away from technology, towards strategic business change,
strategic commissioning (procurement and supplier management)
and information governance. The record of failed IT projects,
the fact that the Senior Information Risk Owner role often resides
in someone who does not understand what the role entails, and
shortfalls in commercial acumen and strategic provisioning mean
that IT is not tightly integrated into the design and reform of
6.2 We need skills in developing "fit for
purpose" standards that will ensure full integration and
interoperability. We need excellence in enterprise and security
architecture. We need leadership, governance and programme management
skills, so that government has its own capability to develop the
services and systems that it needs for the future. These skills
take time to acquire and develop, making it vitally important
that an effective skills framework and career path is put in place.
6.3 Although a Government IT Profession Skills
Framework has been developed, it has yet to be taken-up effectively
across all government.
7. How well do current procurement policies
and practices work?
7.1 There is much room for improvement in procurement
practices. Much of the inefficiency is due to the way in which
EU procurement regulations are implemented in the UK. These often
bind government into bureaucratic contracts, which do not offer
best value, and tend to deliver self-serving systems, rather than
systems serving public service outcomes. Additionally, OGC frameworks
do not allow rapid purchasing and deployment.
7.2 The OGC approach towards large frameworks
precludes SMEs from bidding for government work, to the point
where they tend to be engaged only as sub-contractors. This adds
significant transaction costs to the supply chain. A simple way
to reduce regulation and bureaucracy would be to raise the EU
procurement threshold. This would mean that SMEs are more able
to bid for work in Government and help to promote economic growth
in the UK.
7.3 Councils themselves have their own bureaucratic
processes when engaging with new suppliers. Time and money could
be saved by implementing a national procurement registration process
linked to HMRC and Companies House.
8. What infrastructure, data or other assets
does government need to own, or to control directly, in order
to make effective use of IT?
8.1 For commodity items such as applications
software, ownership does not need to reside with Government. However,
it is vital that Government maintains control over strategy, policy,
standards and security capability. Outsourcing these elements
leads to a loss of capability and capacity to control around IT
systems and costs.
8.2 Effective management of information is just
as important as technology. Strong information governance and
compliance should be in place across government and the wider
public sector to ensure that best practice is followed and to
co-ordinate effective information sharing.
8.3 Where information is of a sensitive nature,
government should have an appropriate mechanism for securely transferring
it. Given that the Internet is the main route of attack for cyber-threats,
there is a need for highly available network which is less prone
to this type of attack so that in the event of a cyber-attack,
government can continue to function. Any government network must
also be able to facilitate inter-organisational shared services.
The PSN standards should meet these requirements and attention
needs to be focused on these, rather than the business aspirations
of the current main communications suppliers.
9. How will public sector IT adapt to the
new "age of austerity"?
9.1 Austerity has already had an impact on professional
development and knowledge sharing, with cuts to training and travel
budgets. Austerity causes organisations to economise and only
to look inwards for solutions, when better ideas may exist outside.
9.2 Government needs to carefully consider the
implications of cost cutting. Innovation and development will
diminish, and training will be restricted. This will cause morale,
and productivity to decline. There is a danger that some organisations
will just see IT as another cost centre which needs to take its
fair share (or more) of cuts, when in reality, more services than
ever before will need to be delivered digitally.
9.3 Where new initiatives are planned, a "Gate
Zero Review" (OGC Gateway Review) should be undertaken to
ensure that best value is being realised and, before buying new,
organisations should check that there is not already something
similar, no longer required elsewhere, but still contracted to
be paid for, that cannot be re-purposed.
9.4 Service-led innovations, which are enabled
by technology and which disrupt current ways of thinking need
to be encouraged. However, current framework approaches to procurement
inhibits these. The costs associated with registering on OGC Frameworks
inhibit smaller, innovate businesses from bidding for work in
9.5 The PSN, as a "network of networks",
is a critical undertaking that, wherever possible, should reuse
existing network assets to provide the infrastructure for shared
services and cloud provisioning of IT.
9.6 A growing number of local authorities are
planning to make significant cost savings through the use of shared
IT services. Utilising the PSN, traditional geographical constraints
to the sharing of services can be overcome, while some are implementing
shared IT services across multiple types of organisations.
9.7 Money can also be saved by making use of
cloud services. Applications can be designed, tested and accredited
once and then deployed across multiple organisations at a reduced
unit cost. Hosting and delivering applications or services in
the cloud removes the need for individual organisations to separately
procure and manage costly and complex infrastructure. Many suppliers
to local public services are already making cloud-based products
and services available.
9.8 Government should also consider the overheads
of procurement. Procurement itself should be measured as a percentage
of the overall contract price.
10. How well does Government take advantage
of new technological developments and external expertise?
10.1 Local government has limited or no capacity
for technological developments. Technology is only taken advantage
of when there is a clear business case that a service might be
improved by the use of it. Very rarely does technology inspire
the development of new or improved services. Furthermore, the
history of past, failed IT projects means that business leaders
and service managers are reluctant to take note of and to adopt
10.2 Government works with industry through many
fora and media. However, these tend to be dominated by large companies.
Policies and procedures for procurement make it difficult for
SMEs to engage, with the result that innovative products and services
from them get ignored.
10.3 IT is often an afterthought in the design
and delivery of services, with technology experts simply responding
to the demands of service and business managers. They do not have
an understanding of the underlying objectives or desired outcomes,
nor the process and governance constraints. This hinders the development
of innovative and transformational systems.
11. How appropriate is the Government's existing
approach to information security, information assurance and privacy?
11.1 UK Government has for a long time, been
one of the world leaders in information security, and information
assurance. However, resilience is poorly addressed, while security
tends to be set at disproportionate and costly levels for the
risks facing local public services.
11.2 The current model that links authentication,
credentials and authorisation is incomplete. Federated identity
management would go some way to removing this obstacle by eliminating
the need for multiple authentication systems. Common commercial
standards for data security and privacy could apply to many areas
of public services.
11.3 The new cybersecurity approach is wholly
focused on central government and defence, ignoring the wider
public sector. As more services are devolved and delivered locally,
the threat "surface" will change and the capability
to respond to new threats will need to change with it, without
being hindered by complex frameworks or prohibitively costly contracts.
12. How well does the UK compare to other
countries with regard to government procurement and application
of IT systems?
12.1 It is difficult to draw a direct comparison
between the UK and other countries because of differences in the
type and scale of projects which are put out to tender. However,
the UK does seem to have more than its fair share of failed IT
12.2 Other countries are able to achieve greater
flexibility and speed of procurement, including those in Europe
that need to comply with EU procurement rules. Government should
facilitate an exercise to collate best practice from around the
world, learning from other countries' experiences and providing